SHA256: e1d78799d1cd43dc5a9c3c7306439b04d6c5ac99fa9adc3fd1fd5032676e1077
File name: keymaker.exe
Detection ratio: 38 / 57
Analysis date: 2015-05-19 14:56:58 UTC (3 years, 6 months ago)
Antivirus Result Update date
Ad-Aware Gen:Packer.PESpin.A.euWaa4PZqt 20150519
Yandex Packed/PeSpin 20150519
AhnLab-V3 Trojan/Win32.Sdbot 20150519
ALYac Gen:Packer.PESpin.A.euWaa4PZqt 20150519
Avast Win32:Malware-gen 20150519
AVG BackDoor.Generic15.BHET 20150519
AVware Trojan.Win32.Packer.PESpinv1.32 (ep) 20150519
Baidu-International Hacktool.Win32.Keygen.KL 20150519
BitDefender Gen:Packer.PESpin.A.euWaa4PZqt 20150519
Bkav HW32.Packed.6212 20150519
ByteHero Virus.Win32.Heur.c 20150519
CAT-QuickHeal (Suspicious) - DNAScan 20150519
Comodo TrojWare.Win32.Agent.tare 20150519
Cyren W32/Heuristic-210!Eldorado 20150519
Emsisoft Gen:Packer.PESpin.A.euWaa4PZqt (B) 20150519
ESET-NOD32 Win32/Keygen.KL potentially unsafe 20150519
F-Prot W32/Heuristic-210!Eldorado 20150519
F-Secure Gen:Packer.PESpin.A.euWaa4PZqt 20150519
Fortinet W32/SDBot.CC!worm 20150519
GData Gen:Packer.PESpin.A.euWaa4PZqt 20150519
Ikarus Gen.Packer.PESpin 20150519
K7AntiVirus Riskware ( 0040eff71 ) 20150519
K7GW Riskware ( 0040eff71 ) 20150519
Malwarebytes RiskWare.Tool.HCK 20150519
McAfee RDN/Sdbot.worm!cc 20150519
McAfee-GW-Edition BehavesLike.Win32.Trojan.kc 20150519
eScan Gen:Packer.PESpin.A.euWaa4PZqt 20150519
NANO-Antivirus Trojan.Win32.Heuristic210.dmijek 20150519
Norman Packed_PeSpin.B 20150519
Panda Trj/CI.A 20150518
Rising PE:Trojan.Win32.Crypt.agl!1075334316 20150519
Sophos AV Mal/Packer 20150519
Symantec Backdoor.Sdbot 20150519
Tencent Trojan.Win32.YY.Gen.5 20150519
TheHacker W32/Behav-Heuristic-070 20150518
TrendMicro Cryp_PESpin 20150519
TrendMicro-HouseCall Suspicious_GEN.F47V0105 20150519
VIPRE Trojan.Win32.Packer.PESpinv1.32 (ep) 20150519
AegisLab 20150519
Alibaba 20150519
Antiy-AVL 20150519
Avira (no cloud) 20150519
ClamAV 20150519
CMC 20150518
DrWeb 20150519
Jiangmin 20150518
Kaspersky 20150519
Kingsoft 20150519
Microsoft 20150519
nProtect 20150519
Qihoo-360 20150519
SUPERAntiSpyware 20150519
TotalDefense 20150519
VBA32 20150519
ViRobot 20150519
Zillya 20150519
Zoner 20150518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Troj-Crypt.E
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x000100D4
Number of sections 5
PE sections
PE imports
InitCommonControls
LoadLibraryA
GetProcAddress
MessageBoxA
Number of PE resources by type
RT_ICON 4
IMAGE 1
RT_GROUP_ICON 1
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
0000:00:00 00:00:00

FileType
Win32 EXE

PEType
PE32

CodeSize
6144

LinkerVersion
0.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0x100d4

InitializedDataSize
47104

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 e2b75c862bb136d9a9168929a6c9a00a
SHA1 cf200b6759a3429159fa6aaaff239042cadc8bd7
SHA256 e1d78799d1cd43dc5a9c3c7306439b04d6c5ac99fa9adc3fd1fd5032676e1077
ssdeep
1536:9/IKEJRjZa7NdUYjolwbxrtoE2sTe07UI:SKEJRdkTNjKI6fg7

authentihash 67e3b3190e321a8e212a22fbc0d4104d3ba2ce375c1fbf7f887f8c39e23e3d4b
imphash 820ab24e53af2dbafc74d24f87e40262
File size 69.5 KB ( 71168 bytes )
File type Win32 EXE
Description
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2015-01-05 15:13:57 UTC (3 years, 11 months ago)
Last submission 2018-12-10 05:10:06 UTC (13 hours, 7 minutes ago)
File names Bandicam crack.exe
test.exe
keymaker.exe.exe
Bandicam Patch.exe
PATCH.exe
yX7zspAj92sKC6U52RCayLZQWTwdkAr81xA%3D&limit=0&content_type=application%2Fx-msdownload&fsize=71168&hid=4e3f8bcb3a27714f876e7cbee8df98d8&media_type=executable&tknv=v2
Bandicam Keymaker.exe
crack.exe
Carak-Maher.exe
Bandicam Universal Crack.exe
e1d78799d1cd43dc_bandicam universal crack.exe
e1d78799d1cd43dc_keymaker.exe
BandicamU.exe
Ativador Bandicam 4.0.1.exe
KeymakerForBandicam4.0.exe
e1d78799d1cd43dc_bdcamkey.exe
bandicam注册机-管理员省份运行.exe
banditos.exe
bandicam keymaker.exe
???.exe
keymaker (1).exe
banndhikamu.exe
eee
Bandicam_Keygen_go-lock.exe
Crack.Exe.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created mutexes
Runtime DLLs